0

I have a program written in Python. Its something that would be "distributed" to only a couple people. But the code is pretty valuable to me. Is there a way to give out laptops that will only give users access to this one program?

What are the possible issues with this? Is there a way to make this secure? The laptop will only be used for this program. It just needs standard functionality like keyboard/mouse/graphics and ability to connect to local network. Thats all it needs outside of running python and a couple python modules.

I found these replies, but they are about VNC and Remote Desktop:

lessharm
  • 11
  • 4
  • 1
    You want to prevent people form being able to look at the code or you want to prevent them from running unauthorized software on a machine that's connected to your LAN? Is that to protect sensitive company data? – Tesseract Aug 19 '17 at 17:37
  • I want to prevent them from looking at the code. – lessharm Aug 19 '17 at 22:18
  • There is only one safe way to do this. Run as much code as possible on some server no one has access to and run only the GUI on the users laptops. e.g. a webapp with a server side python backend. Although I doubt that your code actually contains any secrets that other companies would like to steal. – Tesseract Aug 20 '17 at 01:12
  • Compile the Python code, and while it is possible to decompile Python code, it takes extra effort. – Ramhound Aug 20 '17 at 02:50
  • This doesn't help at all. I'm not asking if my software is valuable. I'm not asking how to compile Python code. I don't want to run code on a server. Otherwise I wouldn't be asking this question. – lessharm Aug 20 '17 at 04:27

2 Answers2

1

The recipient will always be able to look at your program, if they try hard enough. You can try to obfuscate the code by compiling it to an executable, however smart people can decompile it. Always remember, once something leaves you control, someone else now has the control.

Keltari
  • 71,875
  • 26
  • 179
  • 229
  • Can you please explain exactly how "obfuscate the code by compiling it to an executable" will only give users access to this one program? – lessharm Aug 20 '17 at 04:30
  • @lessharm there are many ways to lock down a machine to limit the users ability to run specific programs. google it. – Keltari Aug 20 '17 at 04:43
0

Given the limitations you have specified (no compiling and no remote server), the answer is "no", there is no way to guarantee your code cannot be read freely by anyone with access to the computer the code it running on.

Keltari at least touched on the issue: Even compiled, a sufficiently determined person can reverse-compile the code.

You can even lock a computer down into what is called "kiosk" mode which allows some control over what is allowed to run in the UI, but once again, a sufficiently determined person can still get at your code.

The only way to protect code that you consider as valuable as you appear to consider this code, is to not release it, or to use a server-side application and a separate client UI which does not allow access to the server except through protected and monitored channels.

music2myear
  • 40,472
  • 44
  • 86
  • 127